The popular ride-sharing service Uber has been hit by various controversies lately, but now the things gone even worse for the company when a security researcher made a worrying discovery this week and claims, "Uber’s app is literally malware."

The ride-hailing company is in disputes of handling privacy of its customers data. A Phoenix-based security researcher Joe Giron found that a surprising amount of users’ data is being collected by the company’s mobile application for Android.

Researcher, who runs a cyber security firm in Arizona, just reverse-engineered the code of Uber’s Android application and come to the conclusion that it is a malware. He discovered that the app "calls home" and sends data back to the company.

But this excessive amount of access to users’ data is not the sort of app data a taxi company should have access to in the first place. It really seems strange and unnecessary to collect.

"Why the hell would they need this? I know I keep asking questions, but here’s some answers: Uber checks to see if your device is rooted. It doesn’t tell you of course, it just wants to know so it can phone home and tell them about it. I also saw checks for malware, application activity and a bunch of other stuff," the publication adds.

The ride-driving company might have some legitimate reason to make use of most of this collected information in the app, perhaps for fraud detection or an intelligence-gathering tool. But, the problem is that the information is being sent and collected by Uber’s servers without any knowledge or permission of the app user. Neither the extent of the data the Uber app collects seems to go beyond the data set shown on its permissions screen.

Uber responded to the issue and said in a statement to Cult of Mac, "Access to permissions including Wifi networks and camera are included so that users can experience full functionality of the Uber app. This is not unique to Uber, and downloading the Uber app is of course optional."